CVE-2019-5804 — Argument Injection in Google Chrome

CWE-88 — Argument Injection7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse Backports Opensuse Leap

Timeline

PublishedMay 23

Latest updateMay 24

Description

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgoogle/chrome< 73.0.3683.75

▶CVEListV5google/chromeprior to 73.0.3683.75

▶NVDopensuse/leap15.0, 15.1, 42.3+2

▶NVDopensuse/backportssle-15

🔴Vulnerability Details

GHSA

GHSA-h52g-p85j-frqr: Incorrect command line processing in Chrome in Google Chrome prior to 73↗2022-05-24

▶

OSV

CVE-2019-5804: Incorrect command line processing in Chrome in Google Chrome prior to 73↗2019-05-23

▶

CVEList

CVE-2019-5804: Incorrect command line processing in Chrome in Google Chrome prior to 73↗2019-05-23

▶

📋Vendor Advisories

Red Hat

chromium-browser: Command line command injection on Windows↗2019-03-12

▶

Debian

CVE-2019-5804: chromium - Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683....↗2019

▶

💬Community

Bugzilla

CVE-2019-5804 chromium-browser: Command line command injection on Windows↗2019-03-13

▶